Experience Summary Sys

Security checks across malware telemetry and agentic risk

Overview

This memory skill is transparent about what it does, but it intentionally preserves deleted or reset conversations into long-lived summaries and can reuse them later.

Install only if you intentionally want OpenClaw conversation history, including deleted or reset sessions, summarized into persistent local memory and reused later. Before enabling the cron jobs, consider excluding deleted/reset files, narrowing memory retrieval to explicit user requests, adding retention limits, and reviewing generated memory files for sensitive content.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Context-Inappropriate Capability

Medium

Confidence: 97% confidence
Finding: The skill explicitly expands its data collection scope to include deleted/reset conversation files and preserve them in summary artifacts, which exceeds the stated purpose of routine experience summarization. Deleted or reset content often reflects a user intent to discard or withdraw information, so retaining and reusing it creates a privacy and data-minimization failure with elevated sensitivity.

Ssd 3

High

Confidence: 98% confidence
Finding: The instructions direct the system to preserve deleted/reset conversations and later include their contents in generated summaries, potentially resurfacing sensitive user details after the user tried to remove them. This violates user expectations around deletion, increases unauthorized disclosure risk, and can leak private data into long-lived memory files used by later responses.

Ssd 3

Medium

Confidence: 92% confidence
Finding: The AGENTS.md guidance tells the agent to proactively search historical memory and inject prior conversation content into replies based on broad triggers like '之前' or topical similarity. This can surface unrelated or sensitive historical content without explicit user consent in the current conversation, especially when combined with long-lived storage of prior sessions.

Ssd 4

High

Confidence: 99% confidence
Finding: The skill creates a pipeline that first archives all conversations, including deleted/reset ones, and then normalizes their later retrieval through summaries and memory search. This compounding workflow is more dangerous than either step alone because sensitive content can persist across derived files and be resurfaced repeatedly even after the original session was deleted.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal